We had a flurry of spam messages get through the mail scrubbers. The natural response is that the cyber security team should deal with it.
But, despite vendors selling to the CISO, is spam a CISO issue?
These people think it is.
But I am not sure.
Why it is:
- Er, it’s IT and it needs to be stopped. Securely.
Why it is not:
- Spam, per se, does not affect the integrity of your systems
- Spam, per se, does not affect the availability of your systems
- Spam, per se, does not affect the confidentiality of your systems
The effect of someone clicking on a dodgy link might well be a compromise to your information. The disclosure of personal details might be a security incident.
But the anti-spam engine not working: is that really a CISO matter?